The Justice Department alleges in an unsealed indictment that three Iranian nationals hacked hundreds of organizations across the globe, extorting them for personal financial gain.
According to charges filed in a New Jersey federal court, alleged victim organizations include a domestic violence shelter in Pennsylvania, a Mississippi power company, and New Jersey municipalities.
The indictment does not allege that the Iranians carried out those hacks on behalf of the Iranian government. According to the Treasury Department, however, the three Iranians were sanctioned on Wednesday because they worked for Iranian Revolutionary Guard Corps-affiliated IT firms.
The Iranian hackers sometimes demanded ransom payments of hundreds of thousands of dollars to unlock computers, a Justice Department official reported.
Iran’s Permanent Mission to the United Nations did not immediately respond to a request for comment on the Justice Department allegations.
According to US officials, it’s another example of Iran’s reckless cyber behavior, which has cost US businesses, government agencies, and NATO allies alike. Albanian officials have accused Iran twice since July of conducting hacks that have knocked Albanian government services offline, testing the Biden administration’s ability to defend a NATO ally from hacking.
Iran denied the allegations. The White House condemned Tehran for the July hack and said US officials are working on the recovery in Albania.
According to a senior Justice Department official, the newly indicted Iranians — Mansour Ahmadi, Ahmad Khatib Aghda, and Amir Hossein Nickaein Ravari — reside in Iran. Unless the three Iranians travel to a country with which the US has an extradition agreement, the chances of them being taken into US custody are slim.
FBI Director Christopher Wray said in a video statement Wednesday that these three individuals belong to a group of cybercriminals who attack critical infrastructure and public services.
Ahmadi, Aghda and Ravari, along with seven other Iranians, were sanctioned as part of Wednesday’s crackdown on alleged Iranian hacking. They were accused of working for Iranian IT firms affiliated with the Islamic Revolutionary Guard Corps. The State Department offered a reward of as much as $10 million for Ahmadi, Aghda and Ravari.
Several ransomware attacks, including one on Boston Children’s Hospital in June 2021, were attributed to Iranian hackers. FBI officials say they were able to thwart the hackers and no patient care was affected.
Tehran denied involvement in the incident, which Wray described as “one of the most despicable cyberattacks I’ve ever seen.”
An advisory released by the US and its allies, such as Canada and the UK, aims to blunt the impact of future IRGC-linked hacks.
In countries like Iran, some analysts say, there is often a blurred line between government and cybercriminals.
According to Saher Naumaan, principal threat intelligence analyst at BAE Systems, who tracks Iranian hackers closely, the recent announcements from US government agencies reinforce the understanding of the Iranian cyber ecosystem as one heavily dependent on third-party contractors working for both the IRGC and the Ministry of Intelligence and Security. “The companies are often front companies for the intelligence agencies, where the individuals are directly involved in operations or they can be on the periphery in support roles such as training academies.”
For more on this story, please consider these sources:
- FBI charges three Iranians in cyber attacks targeting local US governments, power companies (Fox News)
- Newly unsealed indictment accuses three Iranian nationals of ransomware attacks against hundreds of U.S. victims (CNBC)
- US charges 3 Iranians for hacking and extortion scheme against range of US organizations (CNN)
- U.S. indicts Iranian hackers for attacks on critical infrastructure (POLITICO)
- 3 Iranian nationals charged in ransomware attacks in NJ, believed to be behind worldwide hackings (WABC-TV)